360-CERT每日安全简报
Daily Security Briefing
2020-11-05 星期四
安全工具 Security Tools
Infection Monkey - 自动化渗透测试工具
https://github.com/guardicore/monkey
安全研究 Security Research
CVE-2020-14882:Weblogic Console 权限绕过深入解析
https://cert.360.cn/report/detail?id=a95c049c576af8d0e56ae14fad6813f4
Linux Rootkits 系列文章 - 如何为 Linux 编写 Rootkit
https://xcellerator.github.io/posts/linux_rootkits_01/
CVE-2020-14871:Solaris溢出漏洞分析
https://www.fireeye.com/blog/threat-research/2020/11/critical-buffer-overflow-vulnerability-in-solaris-can-allow-remote-takeover.html
深入研究Windows计划任务及其运行过程
https://nasbench.medium.com/a-deep-dive-into-windows-scheduled-tasks-and-the-processes-running-them-218d1eed4cce
Windows虚拟技术武器化
https://vxug.fakedoma.in/papers/VXUG/Exclusive/WeaponizingWindowsVirtualization.pdf
使用/proc/maps在Android App中检测动态加载
https://sayfer.io/blog/dynamic-loading-in-android-applications-with-proc-maps/
使用SWD在STM32上读写固件
https://cybergibbons.com/hardware-hacking/reading-and-writing-firmware-on-an-stm32-using-swd/
安全事件 Security Incident
Maze勒索软件宣布关闭业务
https://www.bleepingcomputer.com/news/security/maze-ransomware-shuts-down-operations-denies-creating-cartel/
金条交易商JM Bullion遭遇数据泄露
https://securityaffairs.co/wordpress/110290/cyber-crime/jm-bullion-hacked.html
玩具制造商美泰遭遇勒索袭击
https://www.bleepingcomputer.com/news/security/leading-toy-maker-mattel-hit-by-ransomware/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn